CVE-2013-4353

Published: 06 January 2014

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Priority

Medium

Status

Package Release Status
openssl
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (1.0.1f-1ubuntu1)
Patches:
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=197e0ea817ad64820789d86711d55ff50d71f631
openssl098
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable